The web server contains an application which may have a vulnerability.
If the vulnerability is present, an unauthorized user could read files,
change files, or execute commands on the server.
The Hypertext Transfer Protocol (HTTP) allows a client
to access HTML pages and other web applications using a web browser.
HTTP servers contain programs which perform
functions on the server at the request of the client (when a form
is submitted, for example), and transmit
results to the client's browser in the form of an HTML page.
csSearch.cgi, csGuestbook.cgi, csLiveSupport.cgi, csNews.cgi, csChatRBox.cgi:
These scripts, developed by CGIScript.net, store their configuration
information in a file called setup.cgi which is executed whenever the
script runs. Due to a vulnerability in these scripts, it is possible for
a remote attacker to write arbitrary commands to the setup.cgi file,
which are subsequently executed.
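The flaw described above comes from keeping configuration in a file that is executed as code. As an added illustration (not CGIScript.net's code, and written in Python rather than the scripts' own language), the example below stores settings as inert key=value data and validates them on both write and read. The setting names and value rules are assumptions; the page does not describe the contents of setup.cgi.

```python
import re

# Hypothetical setting names and value rules (assumed; not taken from setup.cgi).
ALLOWED = {
    "site_title": re.compile(r"[\w .,'-]{1,80}"),
    "results_per_page": re.compile(r"[0-9]{1,3}"),
    "admin_email": re.compile(r"[\w.+-]{1,64}@[\w.-]{1,255}"),
}
LINE = re.compile(r"([a-z_]+)=(.*)")


class ConfigError(ValueError):
    """Raised when a setting is unknown or its value fails validation."""


def _check(key, value):
    rule = ALLOWED.get(key)
    if rule is None:
        raise ConfigError(f"unknown setting: {key!r}")
    if not rule.fullmatch(value):  # newlines and shell/code punctuation never match
        raise ConfigError(f"invalid value for {key!r}")


def dump_settings(settings):
    """Serialize validated settings as inert key=value lines."""
    lines = []
    for key in sorted(settings):
        value = str(settings[key])
        _check(key, value)
        lines.append(f"{key}={value}")
    return "\n".join(lines) + "\n"


def load_settings(text):
    """Parse key=value lines as data; nothing in the file is ever evaluated."""
    settings = {}
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        match = LINE.fullmatch(line)
        if match is None:
            raise ConfigError(f"line {number}: not a key=value pair")
        key, value = match.groups()
        _check(key, value)
        settings[key] = value
    return settings
```

Validating again in load_settings means a file altered outside the application is rejected rather than trusted.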
The freeware version of csSearch can be upgraded
to version 2.5 or higher. If you are using any other CGIScript product, contact
the vendor to determine whether you are vulnerable and to obtain the
The vulnerability in csSearch was posted to Bugtraq (archive 264169):
http://www.securityfocus.com/archive/1/264169
The vulnerabilities in the other products were also posted to Bugtraq
(archive 266432): http://www.securityfocus.com/archive/1/266432
Low Attack Complexity, Complete Confidentiality Impact, Complete Integrity Impact, Complete Availability Impact